The single mistake that put the entire Internet at risk

A digital certificate for .google.com domains has been blocked by Google, Mozilla and Microsoft after a Turkish certificate authority (CA) incorrectly provided it to two other Turkish organizations that are not authorized for the privileges that certificate affords -- a mistake that put virtually everyone who uses the Internet at risk.

On Christmas, Google discovered that a CA called TURKTRUST was responsible for putting the certificate in the wrong hands.

"In response, we updated Chrome’s certificate revocation metadata on December 25 to block that intermediate CA," Google software engineer Adam Langley wrote on the company's Security Blog. "TURKTRUST told us that based on our information, they discovered that in August 2011 they had mistakenly issued two intermediate CA certificates."

It's not known whether the unauthorized certificates were used to carry out any attacks; however, an attacker with the certificate in hand could pretend to be any domain, gain victims' trust, infect their machines with malicious code, collect identifiable information or steal banking logins -- the horrific possibilities are pretty much endless.